GPG or The GNU Privacy Guard is a standard and tool for encrypting and signing pretty much any data or communication, it consists of a pair of keys; one private and one public, to sign something a non-shareable password must be entered.
This guide is mainly intended for programmers wanting to have their keys ready and set to sign their emails and/or commits.
If the keys are in order, both GPG files with public and private blocks then skip to Route #2: Use an existing GPG key.
Take the following as reference:
Real name: Your Name Email address: <your_email> Comment: You selected this USER-ID: "Your Name <your_email>"
Note: Now the GPG keys can be used and exported, it’s recommended to set a trust level. Remember that the private key is only for you to have (unless you really trust uploading it to a service).
This is important in case of changing or losing the operative system.
Export the public key
gpg --armor --export keyIDNumber
Export the private key
gpg --export-secret-keys keyIDNumber
if there is no GPG key then go back to Route #1: Generate the GPG key.
gpg --import pub.gpg
gpg --allow-secret-key-import --import pri.gpg
Provide the passphrase for the private key to be imported.
gpg --list-secret-keys --keyid-format LONG
It’s recommended to set the key to a trust level, if so, set a 5, so it can be used as an owned key.
gpg --edit-key (keyIDNumber) gpg> trust 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately (set this one) m = back to the main menu
if you want that sweet sweet Verified mark for every commit on your preferred Git platform, you need to do the following:
The next configuration must be applied inside every project folder where is required to sign commits with the selected key. In the case of a system-wide configuration use the
--global parameter instead of
git config --local user.name "USERNAME"
git config --local user.email "firstname.lastname@example.org"
Set GPG key
git config --local user.signingkey keyIDNumber
Require signing on every commit
git config commit.gpgsign true
Finally, elaborating in detail about any feedback and/or suggestion about this procedure is appreciated.